If you or anyone within your business is using macOS High Sierra, there are a few steps you can take to minimise risk.
What you should do:
Here at Kordia and Aura Information Security, we recommend immediately setting a strong root user password. There are a number of ways in which you can do this:
How to reset your root password:
It should look like this:
If you are unable to reset your root user password immediately, the best protection is to restrict physical access and remote desktop access to the computer until this is able to be done.
Please note - resetting the root password is a temporary solution.
Setting a root password resolves the risk of being impacted by the macOS High Sierra security bug from the login screen and unlocking settings. However, it is not recommended that you retain a root password long-term. Industry best practice is to disable the root user or make it not possible to log in as root altogether. When a root password is used, the device is not tied to an individual person, gives full access to the computer, runs all actions with escalated privileges, and prevents accounting – making it impossible to determine who undertook actions on that device. It's recommended users have a separate administrative user that has administrative privileges but is not the root user directly. This makes accounting possible, and means that only desired actions are run with escalated privileges.
You should patch macOS when patches become available from Apple.
What we’re doing:
If you need help or would like to report an incident:
If you need help, please contact your account manager directly, or call 0800 KORDIA.
If you would like to report an incident, you can do so by calling New Zealand CERT on 0800 CERT NZ. If you would like to report an incident you can do so on CERT’s website here.